[英]Hash password with random salt using JavaScript and validate from C#
I want to make password maintain process strong for an asp.net web application. 我想使asp.net Web应用程序的密码维护过程更加强大。 Please validate my idea if it is workable. 请验证我的想法是否可行。 If yes then please suggest sample code or links to implement. 如果是,请提出示例代码或实施链接。 Otherwise suggest how can I send password securely from browser to server and store in hash. 否则建议如何将密码从浏览器安全地发送到服务器并存储在哈希中。
Note: I am using TLS (SSL) already for security. 注意:为了安全起见,我已经在使用TLS(SSL)。
Steps: 脚步:
This is not secure. 这是不安全的。 The hashing and salting should be a hidden implementation secret that the server provides, not the client. 哈希和加盐应该是服务器(而不是客户端)提供的隐藏的实现秘密。 Since the client has the implementation secret, should someone gain access to your database, they can reverse engineer your security model. 由于客户端具有实现秘密,因此如果有人获得对您数据库的访问权限,则他们可以对安全模型进行反向工程。
HTTPS would protect the password in transit. HTTPS将保护传输中的密码。 I would also avoid rolling your own authentication system as there are many "gotchas". 由于有许多“陷阱”,我也避免使用自己的身份验证系统。 ASP.NET both Framework and Core provide strong patterns and implementations for authentication. ASP.NET Framework和Core都提供了强大的身份验证模式和实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.